package com.example.controller;

import com.example.annotations.*;
import com.example.service.DemoService;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 在类上标记@security
 * 结果预期：
 * zhangsan、lisi：可访问该类下全部方法，
 * wangwu：只可访问query3方法
 *
 * @author kangshuai
 */
@Controller
@Security({"zhangsan", "lisi"})
@RequestMapping("/demo")
public class DemoSecurityClassController {


    /**
     * 按类型注入
     */
    @Autowired
    private DemoService demoService;

    /**
     * 按指定名称注入
     */
    @Autowired("testService")
    private DemoService testService;

    /**
     * 该方法只允许 zhangsan、lisi、wangwu 通过
     *
     * @param request
     * @param response
     * @param name
     * @return
     */
    @Security("wangwu")
    @RequestMapping("/query3")
    public String query3(HttpServletRequest request, HttpServletResponse response, String name) {
        return demoService.get(name);
    }

    /**
     * 该方法只允许 zhangsan、lisi 通过
     *
     * @param request
     * @param response
     * @param name
     * @return
     */
    @RequestMapping("/query4")
    public String query4(HttpServletRequest request, HttpServletResponse response, String name) {
        return testService.get(name);
    }
}

